TNSM Searchable Index

Author(s)	Title	Year	Publication	Keywords
Divya D Kulkarni, Manit Baser, Mohan Gurusamy	ARCANE: Adversarial Resilience and Adaptive Network Slicing for UAV-based MEC	2026	Early Access		Network slicing and Multi-access Edge Computing (MEC) are pivotal elements of 5G communication technology, enabling diverse, low-latency services to distributed users. Unmanned Aerial Vehicles (UAVs) are being increasingly explored in delivering these services temporarily to remote locations, supporting surveillance in regions with restricted ground connectivity, monitoring urban traffic, and disaster relief. However, the resource constraints of UAVs demand efficient optimization strategies. While Artificial Intelligence (AI)-driven methods like Deep Reinforcement Learning (DRL) offer promising potential in optimizing service delays and minimizing power consumption with fewer UAVs, they remain vulnerable to adversarial attacks. This study evaluates two adversarial attacks against DRL baselines: a targeted service disruption attack that impacts the DRL environment to degrade decision-making and service quality, and an action bit-flipping attack that alters UAV selection, resulting in suboptimal provisioning. To address these vulnerabilities, we propose ARCANE, a resilient DRL-based multi-slice MEC framework for UAVs. ARCANE introduces the Exploratory-Thompson Deep-Q Network (ET-DQN), which leverages Thompson Sampling to effectively balance exploration and exploitation under adversarial conditions, optimizing UAV selection for MEC provisioning. Extensive experiments demonstrate that ARCANE outperforms baseline approaches, achieving ~ 4× faster mitigation of the environmental attack and ~ 2× quicker recovery from the attack on the actions. Moreover, we illustrate that ARCANE demonstrates strong resilience by effectively limiting the degradation in hovering time caused by the attacks.	10.1109/TNSM.2026.3656271
Yeryeong Cho, Sungwon Yi, Soohyun Park	Joint Multi-Agent Reinforcement Learning and Message-Passing for Resilient Multi-UAV Networks	2026	Early Access	Servers Heuristic algorithms Autonomous aerial vehicles	This paper introduces a novel resilient algorithm designed for distributed unmanned aerial vehicles (UAVs) in dynamic and unreliable network environments. Initially, the UAVs should be trained via multi-agent reinforcement learning (MARL) for autonomous mission-critical operations and are fundamentally grounded by centralized training and decentralized execution (CTDE) using a centralized MARL server. In this situation, it is crucial to consider the case where several UAVs cannot receive CTDE-based MARL learning parameters for resilient operations in unreliable network conditions. To tackle this issue, a communication graph is used where its edges are established when two UAVs/nodes are communicable. Then, the edge-connected UAVs can share their training data if one of the UAVs cannot be connected to the CTDE-based MARL server under unreliable network conditions. Additionally, the edge cost considers power efficiency. Based on this given communication graph, message-passing is used for electing the UAVs that can provide their MARL learning parameters to their edge-connected peers. Lastly, performance evaluations demonstrate the superiority of our proposed algorithm in terms of power efficiency and resilient UAV task management, outperforming existing benchmark algorithms.	10.1109/TNSM.2025.3650697
Yilu Chen, Ye Wang, Ruonan Li, Yujia Xiao, Lichen Liu, Jinlong Li, Yan Jia, Zhaoquan Gu	TrafficAudio: Audio Representation for Lightweight Encrypted Traffic Classification in IoT	2026	Early Access	Feature extraction Cryptography Telecommunication traffic	Encrypted traffic classification has become a crucial task for network management and security with the widespread adoption of encrypted protocols across the Internet and the Internet of Things. However, existing methods often rely on discrete representations and complex models, which leads to incomplete feature extraction, limited fine-grained classification accuracy, and high computational costs. To this end, we propose TrafficAudio, a novel encrypted traffic classification method based on audio representation. TrafficAudio comprises three modules: audio representation generation (ARG), audio feature extraction (AFE), and spatiotemporal traffic classification (STC). Specifically, the ARG module first represents raw network traffic as audio to preserve temporal continuity of traffic. Then, the audio is processed by the AFE module to compute low-dimensional Mel-frequency cepstral coefficients (MFCC), encoding both temporal and spectral characteristics. Finally, spatiotemporal features are extracted from MFCC through a parallel architecture of one-dimensional convolutional neural network and bidirectional gated recurrent unit layers, enabling fine-grained traffic classification. Experiments on five public datasets across six classification tasks demonstrate that TrafficAudio consistently outperforms ten state-of-the-art baselines, achieving accuracies of 99.74%, 98.40%, 99.76%, 99.25%, 99.77%, and 99.74%. Furthermore, TrafficAudio significantly reduces computational complexity, achieving reductions of 86.88% in floating-point operations and 43.15% of model parameters over the best-performing baseline.	10.1109/TNSM.2026.3651599
M. Gharbaoui, F. Sciarrone, M. Fontana, P. Castoldi, B. Martini	Assurance and Conflict Detection in Intent-Based Networking: A Comprehensive Survey and Insights on Standards and Open-Source Tools	2026	Early Access	Surveys Translation Bandwidth	Intent-Based Networking (IBN) enables operators to specify high-level outcomes while the system translates these intents into concrete policies and configurations. As IBN deployments grow in scale, heterogeneity and dynamicity, ensuring continuous alignment between network behavior and user objectives becomes both essential and increasingly difficult. This paper provides a technical survey of assurance and conflict detection techniques in IBN, with the goal of improving reliability, robustness, and policy compliance. We first position our survey with respect to existing work. We then review current assurance mechanisms, including the use of AI, machine learning, and real-time monitoring for validating intent fulfillment. We also examine conflict detection methods across the intent lifecycle, from capture to implementation. In addition, we outline relevant standardization efforts and open-source tools that support IBN adoption. Finally, we discuss key challenges, such as AI/ML integration, generalization, and scalability, and present a roadmap for future research aimed at strengthening robustness of IBN frameworks.	10.1109/TNSM.2026.3651896
Haoran Hu, Huazhi Lun, Ya Wang, Zhifeng Deng, Jiahao Li, Yuexiang Cao, Ying Liu, Heng Zhang, Jie Tang, Huicun Yu, Jiahua Wei, Xingyu Wang, Lei Shi	Effective Resource Scheduling Design for Concurrent Competing Requests in Quantum Networks	2026	Early Access	Purification Quantum networks Quantum entanglement	Quantum networks, as a pivotal platform to support numerous quantum applications, have the potential to far exceed traditional communication networks. Establishing end-to-end entanglement connections with guaranteed fidelity is a key prerequisite for realizing the functionality of quantum networks. Entanglement purification techniques are commonly used in the entanglement distribution process to provide end-to-end entanglement connections that meet the fidelity requirements. Since the purification operation sacrifices a certain amount of entanglement resources, it is critical and challenging to efficiently utilize the scarce entanglement resources in quantum networks with concurrent competing requests. To address this problem, we propose a novel demand-oriented resource scheduling (DRS) algorithm. Considering the overall network demand, DRS introduces a congestion factor to evaluate the resource demand of each link, and performs purification operations sequentially based on the congestion level of the links, thus avoiding the excessive consumption of entanglement resources of bottleneck links. Extensive simulation results show that the DRS algorithm can achieve higher network throughput with similar resource conversion rates compared to traditional resource allocation schemes. Our work provides a new scheme for the resource scheduling problem under concurrent competing requests, which can promote the further development of existing entanglement routing techniques.	10.1109/TNSM.2026.3651862
Jack Wilkie, Hanan Hindy, Craig Michie, Christos Tachtatzis, James Irvine, Robert Atkinson	A Novel Contrastive Loss for Zero-Day Network Intrusion Detection	2026	Early Access	Contrastive learning Anomaly detection Training	Machine learning has achieved state-of-the-art results in network intrusion detection; however, its performance significantly degrades when confronted by a new attack class— a zero-day attack. In simple terms, classical machine learning-based approaches are adept at identifying attack classes on which they have been previously trained, but struggle with those not included in their training data. One approach to addressing this shortcoming is to utilise anomaly detectors which train exclusively on benign data with the goal of generalising to all attack classes— both known and zero-day. However, this comes at the expense of a prohibitively high false positive rate. This work proposes a novel contrastive loss function which is able to maintain the advantages of other contrastive learning-based approaches (robustness to imbalanced data) but can also generalise to zero-day attacks. Unlike anomaly detectors, this model learns the distributions of benign traffic using both benign and known malign samples, i.e. other well-known attack classes (not including the zero-day class), and consequently, achieves significant performance improvements. The proposed approach is experimentally verified on the Lycos2017 dataset where it achieves an AUROC improvement of.000065 and.060883 over previous models in known and zero-day attack detection, respectively. Finally, the proposed method is extended to open-set recognition achieving OpenAUC improvements of.170883 over existing approaches.The implementation and experiments are open-sourced and available at: https://github.com/jackwilkie/CLOSR	10.1109/TNSM.2026.3652529
Marco Polverini, Andrés García-López, Juan Luis Herrera, Santiago García-Gil, Francesco G. Lavacca, Antonio Cianfrani, Jaime Galán-Jiménez	Avoiding SDN Application Conflicts With Digital Twins: Design, Models and Proof of Concept	2026	Early Access	Digital twins Analytical models Routing	Software-Defined Networking (SDN) enables flexible and programmable control over network behavior through the deployment of multiple control applications. However, when these applications operate simultaneously, each pursuing different and potentially conflicting objectives, unexpected interactions may arise, leading to policy violations, performance degradation, or inefficient resource usage. This paper presents a Digital Twin (DT)-based framework for the early detection of such application-level conflicts. The proposed framework is lightweight, modular, and designed to be seamlessly integrated into real SDN controllers. It includes multiple DT models capturing different network aspects, including end-to-end delay, link congestion, reliability, and carbon emissions. A case study in a smart factory scenario demonstrates the framework’s ability to identify conflicts arising from coexisting applications with heterogeneous goals. The solution is validated through both simulation and proof-of-concept implementation tested in an emulated environment using Mininet. The performance evaluation shows that three out of four DT models achieve a precision above 90%, while the minimum recall across all models exceeds 84%. Moreover, the proof of concept confirms that what-if analyses can be executed in a few milliseconds, enabling timely and proactive conflict detection. These results demonstrate that the framework can accurately detect conflicts and deliver feedback fast enough to support timely network adaptation.	10.1109/TNSM.2026.3652800
Jian Ye, Lisi Mo, Gaolei Fei, Yunpeng Zhou, Ming Xian, Xuemeng Zhai, Guangmin Hu, Ming Liang	TopoKG: Infer Internet AS-Level Topology From Global Perspective	2026	Early Access	Business Topology Routing	Internet Autonomous System (AS) level topology includes AS topology structure and AS business relationships, describes the essence of Internet inter-domain routing, and is the basis for Internet operation and management research. Although the latest topology inference methods have made significant progress, those relying solely on local information struggle to eliminate inference errors caused by observation bias and data noise due to their lack of a global perspective. In contrast, we not only leverage local AS link features but also re-examine the hierarchical structure of Internet AS-level topology, proposing a novel inference method called topoKG. TopoKG introduces a knowledge graph to represent the relationships between different elements on a global scale and the business routing strategies of ASes at various tiers, which effectively reduces inference errors resulting from observation bias and data noise by incorporating a global perspective. First, we construct an Internet AS-level topology knowledge graph to represent relevant data, enabling us to better leverage the global perspective and uncover the complex relationships among multiple elements. Next, we employ knowledge graph meta paths to measure the similarity of AS business routing strategies and introduce this global perspective constraint to infer the AS business relationships and hierarchical structure iteratively. Additionally, we embed the entire knowledge graph upon completing the iteration and conduct knowledge inference to derive AS business relationships. This approach captures global features and more intricate relational patterns within the knowledge graph, further enhancing the accuracy of AS-level topology inference. Compared to the state-of-the-art methods, our approach achieves more accurate AS-level topology inference, reducing the average inference error across various AS link types by up to 1.2 to 4.4 times.	10.1109/TNSM.2026.3652956
Shagufta Henna, Upaka Rathnayake	Hypergraph Representation Learning-Based xApp for Traffic Steering in 6G O-RAN Closed-Loop Control	2026	Early Access	Open RAN Resource management Ultra reliable low latency communication	This paper addresses the challenges in resource allocation within disaggregated Radio Access Networks (RAN), particularly when dealing with Ultra-Reliable Low-Latency Communications (uRLLC), enhanced Mobile Broadband (eMBB), and Massive Machine-Type Communications (mMTC). Traditional traffic steering methods often overlook individual user demands and dynamic network conditions, while multi-connectivity further complicates resource management. To improve traffic steering, we introduce Tri-GNN-Sketch, a novel graph-based deep learning approach employing Tri-subgraph sampling to enhance link prediction in Open RAN (O-RAN) environments. Link prediction refers to accurately forecasting optimal connections between users and network resources using current and historical measurements. Tri-GNN-Sketch is trained on real-world 4G/5G RAN monitoring data. The model demonstrates robust performance across multiple metrics, including precision, recall, F1 score, and ROC-AUC, effectively modeling interfering nodes for accurate traffic steering. We further propose Tri-HyperGNN-Sketch, which extends the approach to hypergraph modeling, capturing higher-order multi-node relationships. Using link-level simulations based on Channel Quality Indicator (CQI)-to-modulation mappings and LTE transport block size specifications, we evaluate throughput and packet delay for Tri-HyperGNN-Sketch. Tri-HyperGNN-Sketch achieves an exceptional link prediction accuracy of 99.99% and improved network-level performance, including higher effective throughput and lower packet delay compared to Tri-GNN-Sketch (95.1%) and other hypergraph-based models such as HyperSAGE (91.6%) and HyperGCN (92.31%) for traffic steering in complex O-RAN deployments.	10.1109/TNSM.2026.3654534
Apurba Adhikary, Avi Deb Raha, Yu Qiao, Md. Shirajum Munir, Mrityunjoy Gain, Zhu Han, Choong Seon Hong	Age of Sensing Empowered Holographic ISAC Framework for NextG Wireless Networks: A VAE and DRL Approach	2026	Early Access	Array signal processing Resource management Integrated sensing and communication	This paper proposes an AI framework that leverages integrated sensing and communication (ISAC), aided by the age of sensing (AoS) to ensure the timely location updates of the users for a holographic MIMO (HMIMO)-assisted base station (BS)-enabled wireless network. The AI-driven framework aims to achieve optimized power allocation for efficient beamforming by activating the minimal number of grids from the HMIMO BS for serving the users. An optimization problem is formulated to maximize the sensing utility function, aiming to maximize the communication signal-to-interference-plus-noise ratio (SINRc) of the received signals and beam-pattern gains to improve the sensing SINR of reflected echo signals, which in turn maximizes the achievable rate of users. A novel AI-driven framework is presented to tackle the formulated NP-hard problem that divides it into two problems: a sensing problem and a power allocation problem. The sensing problem is solved by employing a variational autoencoder (VAE)-based mechanism that obtains the sensing information leveraging AoS, which is used for the location update. Subsequently, a deep deterministic policy gradient-based deep reinforcement learning scheme is devised to allocate the desired power by activating the required grids based on the sensing information achieved with the VAE-based mechanism. Simulation results demonstrate the superior performance of the proposed AI framework compared to advantage actor-critic and deep Q-network-based methods, achieving a cumulative average SINRc improvement of 8.5 dB and 10.27 dB, and a cumulative average achievable rate improvement of 21.59 bps/Hz and 4.22 bps/Hz, respectively. Therefore, our proposed AI-driven framework guarantees efficient power allocation for holographic beamforming through ISAC schemes leveraging AoS.	10.1109/TNSM.2026.3654889
Jing Zhang, Chao Luo, Rui Shao	MTG-GAN: A Masked Temporal Graph Generative Adversarial Network for Cross-Domain System Log Anomaly Detection	2026	Early Access	Anomaly detection Adaptation models Generative adversarial networks	Anomaly detection of system logs is crucial for the service management of large-scale information systems. Nowadays, log anomaly detection faces two main challenges: 1) capturing evolving temporal dependencies between log events to adaptively tackle with emerging anomaly patterns, 2) and maintaining high detection capabilities across varies data distributions. Existing methods rely heavily on domain-specific data features, making it challenging to handle the heterogeneity and temporal dynamics of log data. This limitation restricts the deployment of anomaly detection systems in practical environments. In this article, a novel framework, Masked Temporal Graph Generative Adversarial Network (MTG-GAN), is proposed for both conventional and cross-domain log anomaly detection. The model enhances the detection capability for emerging abnormal patterns in system log data by introducing an adaptive masking mechanism that combines generative adversarial networks with graph contrastive learning. Additionally, MTG-GAN reduces dependency on specific data distribution and improves model generalization by using diffused graph adjacency information deriving from temporal relevance of event sequence, which can be conducive to improve cross-domain detection performance. Experimental results demonstrate that MTG-GAN outperforms existing methods on multiple real-world datasets in both conventional and cross-domain log anomaly detection.	10.1109/TNSM.2026.3654642
Ze Wei, Rongxi He, Chengzhi Song, Xiaojing Chen	Differentiated Offloading and Resource Allocation with Energy Anxiety Level Consideration in Heterogeneous Maritime Internet of Things	2026	Early Access	Internet of Things Resource management Carbon footprint	The popularity of maritime activities not only exacerbates the carbon footprint (CF) but also places higher demands on Maritime Internet of Things (MIoTs) to support heterogeneous MIoT devices (MIoTDs) with different prioritized tasks. High-priority tasks can be processed cooperatively via local computation, offloading to nearby MIoTDs (helpers), or offloading to edge servers to ensure their timely and successful completion. Due to the differences in energy availability and rechargeability, MIoTDs exhibit distinct energy states, impacting their operational behaviors. We propose the Energy Anxiety Level (EAL) to quantify these states: Higher EAL tends to lead to increased packet dropping and earlier shutdown. Although low-EAL MIoTDs seem preferable as helpers, their scarce residual computational resources after local task completion may cause offloaded high-priority tasks to drop or time out. Therefore, helper selection should jointly consider candidate MIoTDs’ EALs and loads to evaluate their unsuitability. This paper addresses the problem of differentiated task offloading and resource allocation in MIoTs by formulating it as a mixed integer nonlinear programming model. The objective is to minimize system-wide carbon footprint (CF), packet loss, helper unsuitability risk, and high-priority task latency. To solve this complex problem, we decompose it into two subproblems. We then design algorithms to determine optimal offloading patterns, task partitioning factors, MIoTD transmission powers, and computation resource allocation for MIoTDs and edge servers. Simulation results demonstrate that our proposal outperforms benchmarks in reducing CF and EAL, lowering high-priority task latency, and improving task completion ratio.	10.1109/TNSM.2026.3655385
Xiaofeng Liu, Naigong Zheng, Fuliang Li	Don’t Let SDN Obsolete: Interpreting Software-Defined Networks with Network Calculus	2026	Early Access	Delays Calculus Analytical models	Although Software-Defined Network (SDN) has gained popularity in real-world deployments for its flexible management paradigm, its centralized control principle leads to various known performance issues. In this paper, we propose SDN-Mirror, a novel generalized delay analytical model based on network calculus, to interpret how the performance is affected and to illustrate how to accelerate the performance as well. We first elaborate the impact of parameters on packet forwarding delay in SDN, including device capacity, flow features and cache size. Then, building upon the analysis, we establish SDN-Mirror, which acts like a mirror, capable of not only precisely representing the relation between packet forwarding delay and each parameter but also verifying the effectiveness of optimization policies. At last, we evaluate SDN-Mirror by quantifying how each parameter affects the forwarding delay under different table matching states. We also verify a performance improvement policy with the optimized SDN-Mirror and experiment results show that packet forwarding delays of kernel space matching flow, userspace matching flow and unmatched flow can be reduced by 39.8%, 20.7% and 13.2%, respectively.	10.1109/TNSM.2026.3655704
Xinshuo Wang, Lei Liu, Baihua Chen, Yifei Li	ENCC: Explicit Notification Congestion Control in RDMA	2026	Early Access	Bandwidth Data centers Heuristic algorithms	Congestion control (CC) is essential for achieving ultra-low latency, high bandwidth, and network stability in high-speed networks. However, modern high-performance RDMA networks, crucial for distributed applications, face significant performance degradation due to limitations of existing CC schemes. Most conventional approaches rely on congestion notification signals that must traverse the queuing data path before congestion signals can be sent back to the sender, causing delayed responses and severe performance collapse. This study proposes Explicit Notification Congestion Control (ENCC), a novel high-speed CC mechanism that achieves low latency, high throughput, and strong network stability. ENCC employs switches to directly notify the sender of precise link load information and avoid notification signal queuing. This allows precise sender-side rate control and queue regulation. ENCC also ensures fairness and easy deployment in hardware. We implement ENCC based on FPGA network interface cards and programmable switches. Evaluation results show that ENCC achieves substantial through-put improvements over representative baseline algorithms, with gains of up to 16.6× in representative scenarios, while incurring minimal additional latency.	10.1109/TNSM.2026.3656015
Qian Yang, Suoping Li, Jaafar Gaber, Sa Yang	An Optimal Matching Channel Selection Strategy Based on (K+1)-layer 3-D CTMC for Suppressing Spectrum Fragmentation in 5G/B5G Cognitive Radio Ad Hoc Networks	2026	Early Access		Dynamic spectrum access (DSA) is one of the pivotal technologies that is widely recognized to be able to cope with the massive demand for limited spectrum resources by massive data in 5G/B5G networks. To address spectrum fragmentation and sharing in 5G/B5G cognitive radio ad hoc networks (CRAHNs), based on the DSA technique, this paper proposes an optimal matched channel selection strategy with finite buffer (OMCS-FB). In the OMCS-FB, a cognitive user (CU) with the transmission request selects the channel whose idle time optimally matches its transmission time rather than selecting the channel with the longest idle time; if the CU fails to access the channel, the CU enters the buffer and waits for the next transmission opportunity. A (K+1)-layer continuous-time Markov chain (CTMC) with the number of primary users (PUs) and CUs in primary channels and the number of CUs in the buffer as 3-D metrics is established, which can effectively portray the activity behavior of users and the occupancy states of primary channels under the OMCS-FB. The CTMC rate steady-state equations are then solved using the successive over-relaxation (SOR) iterative algorithm to obtain the system steady-state probability distributions and performance metrics. The results show that the OMCS-FB effectively suppresses spectrum fragmentation of the MAC layer in the time dimension and enables efficient spectrum sharing among CUs and PUs, as verified by Monte Carlo simulation.	10.1109/TNSM.2026.3656378
Awaneesh Kumar Yadav, An Braeken, Madhusanka Liyanage	A Provably Secure Lightweight Three-factor 5G-AKA Authentication Protocol relying on an Extendable Output Function	2026	Early Access		Compared to 4G, the designed authentication and key agreement protocol for 5G communication (5G-AKA) offers better security. State-of-the-art shows that various protocols indicate the flaws in the 5G-AKA and suggest solutions primarily for the desynchronization attack, traceability attack, and perfect forward secrecy. However, most authentication protocols fail to facilitate the device stolen attack and are expensive; they also do not consider the prominent security issues such as post-compromise security and non-repudiation. Considering the above demerits of these protocols and the necessity to offer additional security, a provably secure lightweight 5G-AKA multi-factor authentication protocol relying on an extendable output function is proposed. The security of the proposed work has been confirmed informally and formally (ROR logic, GNY logic, and Scyther tool) to ensure that the proposed work handles all types of attacks and offers additional security features, such as post-compromise features and non-repudiation. Furthermore, we compute the performance of the proposed work and compare it with its counterparts to show that our work is less costly and more suitable for lightweight devices than others in terms of computational, communication, storage, and energy consumption cost.	10.1109/TNSM.2026.3656167
Ning Zhao, Dongke Zhao, Huiyan Zhang, Yongchao Liu, Liang Zhang	Resilient Dynamic Event-Triggered Fuzzy Tracking Control for Nonlinear Systems Under Hybrid Attacks	2026	Vol. 23, Issue	Event detection Fuzzy systems Denial-of-service attack	This article investigates the issue of event-triggered tracking control for Takagi–Sugeno fuzzy systems subject to hybrid attacks. First, the deception attacks occurring on the feedback channel are considered using a Bernoulli process, in which an attacker injects state-dependent malicious signals. Next, the minimal ‘silent’ and maximal ‘active’ periods are defined to describe the duration of aperiodic denial-of-service (DoS) attacks. To take advantage of communication bandwidth and resist DoS attacks, a sampled data-based resilient dynamic event-triggered strategy is designed. Then, an event-based fuzzy tracking controller is designed to guarantee the stability of error system under hybrid attacks. Subsequently, sufficient conditions for the stability analysis are proposed by utilizing a fuzzy-basis-dependent Lyapunov-Krasovskii functional. Meanwhile, the control gains and event-triggering parameters are co-designed by applying linear matrix inequalities. Furthermore, the proposed method is extended to address the tracking control problem of multi-agent systems. Finally, the feasibility of the presented approach is validated by two examples.	10.1109/TNSM.2025.3625395
Keke Zheng, Mai Zhang, Mimi Qian, Waiming Lau, Lin Cui	sketchPro: Identifying Top-k Items Based on Probabilistic Update on Programmable Data Plane	2026	Vol. 23, Issue	Accuracy Pipeline processing Hardware	Detecting the top-k heaviest items in network traffic is fundamental to traffic engineering, congestion control, and security analytics. Controller-side solutions suffer from high communication latency and heavy resource overhead, motivating the migration of this task to programmable data planes (PDP). However, PDP hardware (e.g., Tofino ASIC) offers only a few megabytes of on-chip SRAM per pipeline stage and supports neither loops nor complex arithmetic, making accurate top-k detection highly challenging. This paper proposes sketchPro, a novel sketch-based solution that employs a probabilistic update scheme to retain large items, enabling accurate top-k identification on PDP with minimal memory. sketchPro dynamically adjusts the probability of updates based on the current statistical size of the items and the frequency of hash collisions, thus allowing sketchPro to effectively detect top-k items. We have implemented sketchPro on PDP, including P4 software switch (i.e., BMv2) and hardware switch (Intel Tofino ASIC). Extensive evaluation results demonstrate that sketchPro can achieve more than 95% precision with only 10KB of memory.	10.1109/TNSM.2025.3634742
Giovanni Pettorru, Marco Martalò	A Persistent and Secure Publish-Subscriber Architecture for Low-Latency IoT Communications	2026	Vol. 23, Issue	Internet of Things Protocols Low latency communication	Secure and low-latency data exchange is gaining more and more attention in Internet of Things (IoT) applications. To achieve such stringent requirements, we propose to combine persistent connections and TLS session ticket resumption, as in WebSocket (WS) and QUIC, respectively. Considering the nodes of an IoT cluster as a single virtual entity, we propose to integrate an innovative network management strategy, which employs a publish-subscribe (Pub/Sub) architecture based on the Message Queuing Telemetry Transport (MQTT) protocol, for TLS session tickets sharing between cluster nodes to mitigate the session initialization latency. The proposed system is referred to as WS over QUIC and MQTT (WSQM) and its performance is experimentally assessed with IoT-compliant devices. Our results show that WSQM reduces the latency if compared with similar alternatives that rely on Transmission Control Protocol (TCP) and Transport Layer Security (TLS), as well as other QUIC-based protocols such as the HyperText Transfer Protocol version 3 (HTTP/3). Moreover, WSQM achieves minimal resource utilization in terms of percentage of RAM and CPU usage, thus highlighting its ability to meet the critical requirements of IoT applications.	10.1109/TNSM.2025.3635212
Deqiang Zhou, Xinsheng Ji, Wei You, Hang Qiu, Yu Zhao, Mingyan Xu	Intent-Based Automatic Security Enhancement Method Toward Service Function Chain	2026	Vol. 23, Issue	Security Translation Servers	The reliance on Network Function Virtualization (NFV) and Software-Defined Network (SDN) introduces a wide variety of security risks in Service Function Chain (SFC), necessitating the implementation of automated security measures to safeguard ongoing service delivery. To address the security risks faced by online SFCs and the shortcomings of traditional manual configuration, we introduce Intent-Based Networking (IBN) for the first time to propose an automatic security enhancement method through embedding Network Security Functions (NSFs). However, the diverse security requirements and performance requirements of SFCs pose significant challenges to the translation from intents to NSF embedding schemes, which manifest in two main aspects. In the logical orchestration stage, NSF composition consisting of NSF sets and their logical embedding locations will significantly impact the security effect. So security intent language model, a formalized method, is proposed to express the security intents. Additionally, NSF Embedding Model Generation Algorithm (EMGA) is designed to determine NSF composition by utilizing NSF capability label model and NSF collaboration model, where NSF composition can be further formulated as NSF embedding model. In the physical embedding stage, the differentiated service requirements among SFCs result in NSF embedded model obtained by EMGA being a multi-objective optimization problem with variable objectives. Therefore, Adaptive Security-aware Embedding Algorithm (ASEA) featuring adaptive link weight mapping mechanism is proposed to solve the optimal NSF embedding schemes. This enables the automatic translation of security intents into NSF embedding schemes, ensuring that both security requirements are met and service performance is guaranteed. We develop the system instance to verify the feasibility of intent translation solution, and massive evaluations demonstrate that ASEA algorithm has better performance compared with the existing works in the diverse requirement scenarios.	10.1109/TNSM.2025.3635228